Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

Formal certification and compliance for run-time service environments

With the increased awareness of security and safety of services in on-demand distributed service provisioning (such as the recent adoption of Cloud infrastructures), certification and compliance checking of services is becoming a key element for service engineering. Existing certification techniques tend to support mainly design-time checking of service properties and tend not to support the run-time monitoring and progressive certification in the service execution environment. In this paper we discuss an approach which provides both design-time and runtime behavioural compliance checking for a services architecture, through enabling a progressive event-driven model-checking technique. Providing an integrated approach to certification and compliance is a challenge however using analysis and monitoring techniques we present such an approach for on-going compliance checking

Investigating the impact of combining handwritten signature and keyboard keystroke dynamics for gender prediction

© 2019 IEEE. The use of soft-biometric data as an auxiliary tool on user identification is already well known. Gender, handorientation and emotional state are some examples which can be called soft-biometrics. These soft-biometric data can be predicted directly from the biometric templates. It is very common to find researches using physiological modalities for soft-biometric prediction, but behavioural biometric is often not well explored for this context. Among the behavioural biometric modalities, keystroke dynamics and handwriting signature have been widely explored for user identification, including some soft-biometric predictions. However, in these modalities, the soft-biometric prediction is usually done in an individual way. In order to fill this space, this study aims to investigate whether the combination of those two biometric modalities can impact the performance of a soft-biometric data, gender prediction. The main aim is to assess the impact of combining data from two different biometric sources in gender prediction. Our findings indicated gains in terms of performance for gender prediction when combining these two biometric modalities, when compared to the individual ones

DScentTrail: A new way of viewing deception

The DScentTrail System has been created to support and demonstrate research theories in the joint disciplines of computational inference, forensic psychology and expert decision-making in the area of counter-terrorism. DScentTrail is a decision support system, incorporating artificial intelligence, and is intended to be used by investigators. The investigator is presented with a visual representation of a suspect‟s behaviour over time, allowing them to present multiple challenges from which they may prove the suspect guilty outright or receive cognitive or emotional clues of deception. There are links into a neural network, which attempts to identify deceptive behaviour of individuals; the results are fed back into DScentTrail hence giving further enrichment to the information available to the investigator

An Experimental Study of Diversity with Off-The-Shelf AntiVirus Engines

Fault tolerance in the form of diverse redundancy is well known to improve the detection rates for both malicious and non-malicious failures. What is of interest to designers of security protection systems are the actual gains in detection rates that they may give. In this paper we provide exploratory analysis of the potential gains in detection capability from using diverse AntiVirus products for the detection of self-propagating malware. The analysis is based on 1599 malware samples collected by the operation of a distributed honeypot deployment over a period of 178 days. We sent these samples to the signature engines of 32 different AntiVirus products taking advantage of the VirusTotal service. The resulting dataset allowed us to perform analysis of the effects of diversity on the detection capability of these components as well as how their detection capability evolves in time

Action Stories for Counter Terrorism (extended abstract)

Due to the raised terrorist threat worldwide, there is an urgent need to research that assists security and police services to protect the public and key assets and to prevent attacks from taking place. Successful protection and prevention may require potential and known suspects to be monitored or arrested. These operations are high risk because inappropriate surveillance, interview or arrest may have damaging political, public relations and intelligence effects. In addition to better tracking information on which to base suspicions, the security and police services need to have confidence that operations will yield evidence that can demonstrate conclusively that a deceptive activity such as a terrorist attack was in the process of being planned or executed before an operation takes place

A Middleware for the Internet of Things

The Internet of Things (IoT) connects everyday objects including a vast array of sensors, actuators, and smart devices, referred to as things to the Internet, in an intelligent and pervasive fashion. This connectivity gives rise to the possibility of using the tracking capabilities of things to impinge on the location privacy of users. Most of the existing management and location privacy protection solutions do not consider the low-cost and low-power requirements of things, or, they do not account for the heterogeneity, scalability, or autonomy of communications supported in the IoT. Moreover, these traditional solutions do not consider the case where a user wishes to control the granularity of the disclosed information based on the context of their use (e.g. based on the time or the current location of the user). To fill this gap, a middleware, referred to as the Internet of Things Management Platform (IoT-MP) is proposed in this paper.Comment: 20 pages, International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.2, March 201